Yahoo quickly fixes Flickr SQL injection, remote code execution flaws

Share this article:

A security researcher identified flaws in popular photo sharing service Flickr that could result in SQL injection and remote code execution, but Yahoo acknowledged and quickly patched the problems.

The SQL injection bugs open the door for remote code execution, Ibrahim Raafat wrote in a Saturday post, explaining he was ultimately able to obtain the MYSQL root password and gain access to sensitive information contained within the Flickr database. 

Raafat originally launched Flickr to check if a vulnerability he previously reported to Yahoo had been patched, but soon discovered two Blind SQL Injection vulnerabilities and a Direct SQL Injection flaw in the Flickr Photo Books feature.

The researcher reported the vulnerabilities to Yahoo and the internet corporation patched the problems within six hours, Raafat wrote.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the ...

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.